Sigh...enable forced updates and it's "Windows doesn't give us control," disable forced updates (to align with the other OSes on the market) and it's "Microsoft is letting security issues fester!"

The question I have is what is the right strategy for a security-conscious OS? Should all trust be placed in the user, even when the user is grandma? Should all trust be placed in a giant megacorp? Should all trust be placed in an OEM?

This is just fear mongering and stupid. Wsus has been available and used on corporate networks for over a decade. It's nothing new. Besides, maybe this will even provide the ability to prevent installing more MS spyware

"OK, Lenovo. We understand that you've built backdoors into your hardware, and that our updates are trying to fix those backdoors. In the interest of continuing revenue, we will turn a blind eye to your misdeeds. We will grant you hardware-specific exceptions. Wet, smoochy kisses, Microsoft."

This is getting ridiculous, and this title is nothing more than fear mongering. The Windows 10 "edition" their talking about is Windows 10 IOT (an OEM version of the operating system for embedded devices) not a consumer version of Windows 10. More importantly, when talking about embedded operating systems it is a TERRIBLE thing to enforce the newest security updates (or any updates) immediately to the device. That practice can cause loss of functionality of the device's software, and in worst cases it can end in accidental destruction of the device (depending on how the failure happens, it can be dangerous to those around the device since anything with a battery can explode). This isn't to say that embedded device manufacturers WON'T be using security updates, it simply gives them a chance to test the updates thoroughly before giving them to their target audience, be that consumers or industry. In most cases these devices are hardened and receive custom updates from the manufacturer anyway, but will still get the OS updates at most 2 months or so later.

This is bad because most hardware manufacturers do not give a rat's ass about updates after you pay for the device. Just look at the masses of Android devices stuck on 4.1, when they are fast enough to easily run something newer.